<?php

// verifies the login data on every page in the member's section (this code has to be included on the top of every access-restricted page)

require("../include/session.inc");
require("../include/functions.inc");

/*
header("Content-Type: text/plain");
foreach (array_keys($_POST) as $k) {
  print "$k = {$_POST[$k]}\n";
}
exit;
*/

// connect to DB

openConnection();

// user verification

$sql = "SELECT * FROM sunsers WHERE email='".$email."' AND lozinka='".$password."' AND suns='2'";
$result = mysql_query($sql)
        or die ("Could not retrieve data!");

if (mysql_num_rows($result) != 1) {

  session_unset();
  session_destroy();
  
  setcookie("check_email", "", time()-10800, "/", "", 0);
  setcookie("check_hash", "", time()-10800, "/", "", 0);
  setcookie("check_user", "", time()-10800, "/", "", 0);
  setcookie(session_name(), "", time()-10800, "/", "", 0);
  
  header("Location:cmslogin.php?login=0");
  exit;

} else {
  session_start();
  $user_data = mysql_fetch_row($result);
  // die($user_data[2]);
  $pass_me = urlencode(serialize($user_data));
  $user = 'sunsbloger';
  $_SESSION['user'] = $user;

  // set cookies for 180 minutes
  setcookie("check_email", $email, time()+10800, "/", "", 0);
  setcookie("check_hash", md5($email.$hash_password), time()+10800, "/", "", 0);
  setcookie("check_user", $pass_me, time()+10800, "/", "", 0);
   
  header("Location:index.php?jazik=$jazik");
  
  exit;
}

?>